File sharing system and file sharing method

ABSTRACT

Privacy information of a user is protected without hampering convenience when such user is to process a file in an online file storage. Provided is a file sharing system including at least one or more information processing units and a storage apparatus connected to the at least one or more information processing units via the Internet, and for storing files from the at least one or more information processing units in the storage apparatus and sharing the stored files with the at least one or more information processing units. The information processing unit includes a file creation unit for separating, when creating a file in the storage apparatus, privacy information that identifies a user creating the file from information required for creating the file in the storage apparatus, and creating the file in the storage apparatus by using information obtained by converting the separated privacy information.

CROSS REFERENCES

This application relates to and claims priority from Japanese PatentApplication No. 2007-283688, filed on Oct. 31, 2007, the entiredisclosure of which is incorporated herein by reference.

BACKGROUND

The present invention relates to a file sharing system and a filesharing method, and, for instance, can be suitably applied to a filesharing system and a file sharing method that protects the privacy ofusers using files stored in an online file storage, which is accessed byan unspecified number of information processing units, upon sharing suchfiles with third parties.

A user is able to store files in one's PC (Personal Computer) in anonline file storage or file server as represented by “Amazon (registeredtrademark) S3 (Simple Storage Service)” via the Internet. With thesenetwork-connected storage apparatuses, NFS (Network File System), HTTP(Hyper Text Transfer Protocol), or the like is used upon storing filesin the online file storage.

With NFS and HTTP, the storage apparatus-side possesses the file systemfunction, and the file system centrally controls the account informationdatabase, the file path name, and the physical layout of files in thedisk drive.

The online file storage authenticates a client by verifying the accountname and password designated by the client with the account informationdatabase. The online file storage manages the access authorityinformation per file, and prevents unauthorized access by onlypermitting the account possessing access authority to access therelevant file.

A file is provided with a path name for uniquely identifying the filesin the online file storage. The path name is configured from a hierarchyof a directory storing the file and the file name. Although an arbitrarycharacter string can be used as the hierarchy of directory and the filename, under normal conditions a unique name or numbers are used so thatthe file creator will be able to understand the contents of the file.The path name of the file is being managed by the online file storagestoring such file (for instance, refer to http://aws.amazon (registeredtrademark).com/s3).

There is also technology known as “CleverSafe (registered trademark)” or“pNFS” that enables the use of a plurality of online file storagesconnected to a network as a single virtual storage apparatus. Thistechnology is configured from an online file storage storing files, aclient that accesses the files, and a metadata server for managing thelocation of the files.

The metadata server authenticates a client by verifying the account nameand password designated by the client with the account informationdatabase. The online file storage also authenticates a client byverifying the account name and password designated by the client withthe account information database. In the case of “CleverSafe,” a singleaccount information database is used among the metadata server, theonline file storage, and the client. The user or application only needsto log on one time to the client, and does not need to remember theaccount information for each metadata server or plurality of online filestorages. Upon creating a file, the client designates the path name ofthe file to be created and issues a file creation request to themetadata server. Meanwhile, the metadata server determines the position;that is, in which online file storage the file is to be stored, andreturns such position information to the client. The client stores thefile in the designated online file storage. The path name of the file ismanaged by the metadata server. A plurality of metadata servers mayexist, and may respectively possess an independent name space.

SUMMARY

Nevertheless, since the conventional technology pursued the conveniencein the use and sharing of files, it had disadvantages in the protectionof privacy information of individuals. In particular, since online filestorage is not a very reliable service, the popularization of theforegoing service is being delayed since users are reluctant to use saidservice in fear that their privacy information will be leaked.

For instance, in the case of services such as “Amazon (registeredtrademark),” upon storing files in the online file storage, informationcapable of specifying an individual is stored as information incidentalto the files. This is called privacy information. As examples of privacyinformation, there are the owner name of the file, group name to whichthe owner belongs, path name of the, file type, access time to the file,access authority information of the file, and so on.

The problems concerning privacy upon managing the account name on theonline file storage-side are now explained. Since the online filestorage-side is able to list all files created with that account, as aresult of associating and analyzing the account name, path name of thefile and access history, it will be possible to identify the user whoopened that account and specify the activities of such user. Thus, therewas a problem in that the privacy of users cannot be protected.

Although the use of a random character string for the path name of thefile can be considered as a solution for making the identification ofindividuals difficult, in the case of a random character string, thereis a problem in that the contents of the file cannot be guessed from thefile name, thereby inconveniencing the user. In addition, since theaccount name information owning the file per file is being managed bythe online file storage-side, it will be possible to identify the useror specify the user's actions by analyzing which account accessed whichfile.

When using architecture such as “CleverSafe,” since the metadata servermanages the path name of the file, the path name of the file cannot beobtained by referring to the information incidental to the file onlyfrom the online file storage-side. Thus, it will be difficult toidentify the user. Since the user is able to access the file using thepath name, the user's convenience will not be hampered.

Nevertheless, since account information is shared among the metadataserver, the online file storage, and the client, the online filestorage-side will be able to collect the access history informationregarding which account user accessed which file. Thus, there is aproblem in that it will be possible to identify the user or specify theuser's actions by analyzing such information.

The present invention was made in view of the foregoing points. Thus, anobject of the present invention is to propose a file sharing system anda file sharing method for protecting the privacy information of userswithout hampering convenience when the user is to process files in theonline file storage.

Another object of the present invention is to propose a file sharingsystem and a file sharing method for sharing data among a plurality ofusers via the online file storage while protecting the privacyinformation of users.

In order to achieve the foregoing objects, the present inventionprovides a file sharing system including at least one or moreinformation processing units and a storage apparatus connected to the atleast one or more information processing units via the Internet, and forstoring files from the at least one or more information processing unitsin the storage apparatus and sharing the stored files with the at leastone or more information processing units. The information processingunit comprises a file creation unit for separating, when creating a filein the storage apparatus, privacy information that identifies a usercreating the file from information required for creating the file in thestorage apparatus, and creating the file in the storage apparatus byusing information obtained by converting the separated privacyinformation.

The present invention additionally provides a file sharing systemincluding at least one or more information processing units and astorage apparatus connected to the at least one or more informationprocessing units via the Internet, and for storing files from the atleast one or more information processing units in the storage apparatusand sharing the stored files with the at least one or more informationprocessing units. The information processing unit comprises a managementtable for at least managing privacy information containing a firstaccount and a first path that identify a user creating a file, andstorage management information containing a second account that isdifferent from the first account and a second path that is differentfrom the first path, a registration unit for creating the second accountand the second path from the first account and the first path uponcreating a new file in the storage apparatus, and associating andregistering the first account and the first path in the managementtable, and a file creation unit for creating the new file in the storageapparatus by using second account and the second path registered in themanagement table.

According to the present invention, it is possible to propose a filesharing system and a file sharing method for protecting the privacyinformation of users without hampering convenience when the user is toprocess files in the online file storage.

According to the present invention, it is also possible to propose afile sharing system and a file sharing method for sharing data among aplurality of users via the online file storage while protecting theprivacy information of users.

DESCRIPTION OF DRAWINGS

FIG. 1 is a diagram showing the configuration of a privacy protectionfile sharing system according to the first embodiment of the presentinvention;

FIG. 2 is a diagram showing the physical configuration of a PC accordingto the first embodiment;

FIG. 3 is a diagram showing the physical configuration of an online filestorage according to the first embodiment;

FIG. 4 is a diagram showing an example of a personal account managementtable according to the first embodiment;

FIG. 5 is a diagram showing an example of a storage management tableaccording to the first embodiment;

FIG. 6 is a diagram showing an example of a file management tableaccording to the first embodiment;

FIG. 7 is a diagram showing an example regarding the type of informationcontained in a personal access authority information column according tothe first embodiment;

FIG. 8 is a diagram showing an example regarding the type of informationcontained in a personal time information column according to the firstembodiment;

FIG. 9 is a diagram showing an example of an anonymization trigger tableaccording to the first embodiment;

FIG. 10 is a diagram showing an example of a storage account managementtable according to the first embodiment;

FIG. 11 is a diagram showing an example of a file system managementinformation table according to the first embodiment;

FIG. 12 is a diagram showing an example of initialization requestinformation according to the first embodiment;

FIG. 13 is a diagram showing an example of a request format whenrequesting file creation to the personal file management systemaccording to the first embodiment;

FIG. 14 is a diagram showing an example of a request format whenrequesting file creation to the online file storage according to thefirst embodiment;

FIG. 15 is a diagram showing an example of a request format whenrequesting file referral to the personal file management systemaccording to the first embodiment;

FIG. 16 is a diagram showing an example of a request format whenrequesting file referral to the online file storage according to thefirst embodiment;

FIG. 17 is a diagram showing an example of a request format whenrequesting file update to the personal file management system accordingto the first embodiment;

FIG. 18 is a diagram showing an example of a request format whenrequesting file update to the online file storage according to the firstembodiment;

FIG. 19 is a diagram showing an example of a request format whenrequesting file deletion to the personal file management systemaccording to the first embodiment;

FIG. 20 is a diagram showing an example of a request format whenrequesting file deletion to the online file storage according to thefirst embodiment;

FIG. 21 is a diagram explaining the outline of share processing andsearch processing according to the first embodiment;

FIG. 22 is a diagram showing an example of a request format whenrequesting file sharing to the personal file management system accordingto the first embodiment;

FIG. 23 is a diagram showing an example of a request format whenrequesting file search to the personal file management system accordingto the first embodiment;

FIG. 24 is a diagram showing an example of a request format whenrequesting account management to the personal file management systemaccording to the first embodiment;

FIG. 25 is a flowchart showing the processing to be executed by aninitialization unit according to the first embodiment;

FIG. 26 is a flowchart showing the processing to be executed by arequest processor according to the first embodiment;

FIG. 27 is a flowchart showing file creation processing according to thefirst embodiment;

FIG. 28 is a flowchart showing file referral processing according to thefirst embodiment;

FIG. 29 is a flowchart showing file update processing according to thefirst embodiment;

FIG. 30 is a flowchart showing file deletion processing according to thefirst embodiment;

FIG. 31 is a flowchart showing file share processing according to thefirst embodiment;

FIG. 32 is a flowchart showing file search processing according to thefirst embodiment;

FIG. 33 is a flowchart showing account management processing accordingto the first embodiment;

FIG. 34 is a flowchart showing the processing to be executed by ananonymization support function unit according to the first embodiment;

FIG. 35 is a diagram schematically showing the configuration of a systemaccording to the second embodiment of the present invention;

FIG. 36 is a diagram showing a file management table according to thesecond embodiment; and

FIG. 37 is a diagram schematically showing the configuration of a systemaccording to the third embodiment of the present invention.

DETAILED DESCRIPTION

The respective embodiments of the present invention are now explainedwith reference to the attached drawings.

First Embodiment

The first embodiment is foremost explained. FIG. 1 is a diagram showingthe configuration of a privacy protection file sharing system. As shownin FIG. 1, the privacy protection file sharing system 1 comprises a PC(Personal Computer) 100, a portable terminal 200, and online filestorages 300 and 400. The PC 100, the portable terminal 200, and theonline file storages 300 and 400 are connected via the Internet 10. ThePC 100, the portable terminal 200, and the online file storages 300, 400contained in the privacy protection file sharing system 1 are notlimited to the example shown in FIG. 1, and it would suffice so as longas there are at least one or more PCs or portable terminals, and one ormore online file storages.

In addition, although the privacy protection file sharing system 1 shownin FIG. 1 adopts a configuration that uses the online file storages 300,400 connected to the Internet 10 as the storage apparatus for storingfiles, the privacy protection file sharing system, for instance, mayalso be applied to a local environment in a data center. When applyingthe privacy protection file sharing system 1 in this kind of localenvironment, a file server, a NAS (Network Attached Storage) or the likemay be used in substitute for the online file storage. The Ethernet(registered trademark) may also be used to connect the PC and the fileserver.

The PC 100 includes an application 110, and a personal file managementsystem 120. The application 110 is a controller for realizingapplications that perform various operations, and creates files in theonline file storage 300 or 400 via the personal file management system120, and refers to and updates the created files. The personal filemanagement system 120 performs processing for protecting privacyinformation from the online file storages 300, 400 by separatingmanagement information (hereinafter referred to as “privacyinformation”) capable of identifying the individual user using theapplication among the management information required for managing thefile, and managing the privacy information in the personal filemanagement system 120. Details concerning this processing will bedescribed later.

The personal file management system 120 has an initialization unit 130,a request processor 140, an anonymization support function unit 150, apersonal account management table 160, a storage management table 170, afile management table 180, and an anonymization trigger table 190. Theinitialization unit 130 is a processor to be executed when a user issuesa request to the personal file management system 120 for newly creatinga file system. The request processor 140 is a processor for processingrequests from the application 110 such as file creation, referral,update and deletion, file search, file sharing, and account management.The anonymization support function unit 150 is a processor forperforming processing that maintains anonymity concerning the accesshistory by accessing the files or creating random files in the onlinefile storages 300, 400 irrelevant to the file access request from theapplication 110, and prevents the cracking of passwords by periodicallychanging the password of the storage account. Details concerning theprocessing contents of the initialization unit 130, the requestprocessor 140, and the anonymization support function unit 150, and thecontents stored in the personal account management table 160, thestorage management table 170, the file management table 180, and theanonymization trigger table 190 will be described later.

The portable terminal 200, for example, is a PDA (Personal DigitalAssistant). The portable terminal 200 has an application 210, and apersonal file management system 220. The detailed explanation of thesecomponents is omitted since the explanation will be the same as the caseof the PC 100 even though the reference numerals are different. In FIG.1, the illustration of the respective processors and tables in thepersonal file management system 220 is omitted.

The online file storage 300 is a storage for storing files from the PC100, and the portable terminal 200. The online file storage 300 has afile server unit 310, a storage account management table 320, a filesystem management information table 330, and a volume 340. The fileserver unit 310 executes processing for realizing the functions as afile server. The contents stored in the storage account management table320 and the file system management information table 330 will bedescribed later. The volume 340 is configured from a plurality ofphysical disks. Explanation of the online file storage 400 is omittedsince it is configured the same as the online file storage 300 eventhough the reference numeral is different.

FIG. 2 is a diagram showing the physical configuration of the PC 100.The PC 100 includes a CPU (Central Processing Unit) 101, a memory 102,an HDD (Hard Disk Drive), and a network interface 105 as its constituentelements, and these components are connected via an internal bus 104.The internal bus 104 is also connected to a display 106, a keyboard 107,and a mouse 108.

The CPU 101 executes the various programs stored in the memory 102 andrealizes the various types of processing such as the processing to beperformed by the initialization unit 130 in the application 110 and thepersonal file management system 120, processing of the request processor140, and processing of the anonymization support function unit 150. Thememory 102 stores the various programs to be executed by the CPU 101,and also retains the personal account management table 160, the storagemanagement table 170, the file management table 180, and theanonymization trigger table 190. The network interface 105 controls thecommunication with the online file storages 300, 400 via the Internet10. The display 106 displays necessary information to the user for theuser conduct operations using the PC 100. The keyboard 107 and the mouse108 are used inputting commands to the PC 100 when the user conductsvarious operations with the PC 100.

FIG. 3 is a diagram showing the physical configuration of the onlinefile storage 300. The online file storage 300 has a network interface301, a controller 302, a cache memory 303, an internal bus 304, a diskinterface 305, and hard disk drives 306 to 308.

The network interface 301 controls the communication with the PC 100 andthe portable terminal 200 via the Internet 10. The controller 302 has abuilt-in memory and the like, and executes the processing of the fileserver unit 310 by executing the programs stored in the memory. Thecache memory 303 temporarily stores the sent and received data via thenetwork interface 301. The internal bus 304 connects the networkinterface 301, the controller 302, the cache memory 303, and the diskinterface 305. The disk interface 305 controls the writing of data intothe hard disk drives 306 to 308 and the reading of data from the harddisk drives 306 to 308. The hard disk drives 306 to 308 configure thevolume 340 and also store various files.

The personal account management table 160, the storage management table170 and the file management table 180 stored in the personal filemanagement system 120 of the PC 100 are now explained with reference toFIG. 4 to FIG. 8.

FIG. 4 is a diagram showing an example of the personal accountmanagement table 160. The personal account management table 160 is atable for managing the account name and password to be used by thepersonal file management system 120 for authenticating the user. Thereis one personal account management table 160 for each personal filemanagement system 120.

The personal account management table 160 has a personal account namecolumn 161, a password column 162, a password expiration date column163, and an affiliated group name column 164. The personal account namecolumn 161 is a column for storing an account name for uniquelyidentifying the user in the personal file management system 120 managingthe personal account table 160. The password column 162 is a column forstoring the password corresponding to the account name. A password isused for authenticating the valid user when the passwords coincide. Thepassword expiration date column 163 is a column for storing theexpiration date of the password. The affiliated group name column 164 isa column for storing the group name to which the account belongs. Thegroup name is unique information in the personal file management system120.

The personal account management table 160, for instance, stores “USER1”in the personal account name column 161, “PWA” in the password column162, “07/07/07” in the password expiration date column 163, and “Group1”in the affiliated group name column 164.

FIG. 5 is a diagram showing an example of the storage management table170. The storage management table 170 is a table for managing the onlinefile storage group in which the personal file management system 120 isstoring the files, and the online file storage-side account informationthat is available upon storing the files. Since a plurality of accountsare available to a single online file storage, entries in tables in thesame number as the accounts exist. The storage management table 170 hasa storage identifier column 171, a storage account name column 172, apassword column 173, a password expiration date column 174, and a usedfile count column 175.

The storage identifier column 171 is a column for storing the storageidentifier that is used for uniquely identifying the online filestorage. For example, the IP (Internet Protocol) address or URL (UniformResource Locator) of the online file storage is used. The storageaccount name column 172 is a column for storing the account name that isbeing managed by the online file storage. The account name stored in thestorage account column 172 is different from the personal account namemanaged by the personal file management system 120. The password column173 is a column for storing the password corresponding to the storageaccount. This password is used by the online file storage uponauthenticating the account. The password expiration date column 174 is acolumn for storing the expiration date of the password. The used filecount column 175 is a column for storing the used files owned by theaccount in the online file storage. When a single personal account isusing a plurality of storage accounts, the storage account to be usedduring file creation is determined so that the number of files owned byeach storage account will be equal so that an individual will not beidentified as a result of the number of files created among the storageaccounts becoming biased.

The storage management table 170, for example, stores “STR1” in thestorage identifier column 171, “ACNT1” in the storage account namecolumn 172, “PW1” in the password column 173, “07/07/07” in the passwordexpiration date column 174, and “100” in the used file count column 175.

FIG. 6 is a diagram showing an example of the file management table 180.The file management table 180 has an entry number column 181, a privacyinformation column 182, a storage management information column 183, anda share management information column 184. Information that is managedby the file management table 180 can be broadly classified into threetypes of information according to the objective; namely, privacyinformation, storage management information, and share managementinformation.

The entry number stored in the entry number column 181 is a uniqueidentifier allocated to the individual files being managed by thepersonal file management system 120. The privacy information stored inthe privacy information column 182 is information concerning privacyamong the management information of files. The storage managementinformation stored in the storage management information column 183manages in which online file storage the file was stored. The sharemanagement information stored in the share management information column184 is used for managing the information required for file sharing. Theprivacy information, the storage management information and the sharemanagement information are now explained in detail.

The privacy information is foremost explained. The privacy informationcolumn 182 storing the privacy information has a personal path namecolumn 1821, a personal account name column 182, a personal accessauthority information column 1823, and a personal time informationcolumn 1824.

The personal path name column 1821 stores a personal path name which isinformation for identifying a file with a name space of such spacemanaged by the personal file management system 120, and configured froma directory hierarchy and a file name. The personal account name column182 stores a personal account name shows the owner of the file.

The personal access authority information column 1823 stores personalaccess authority information showing the access authority of the filefor each account when a plurality of accounts access the file in thepersonal file management system 120. The personal access authorityinformation column 1823, as shown in FIG. 7, has an account name column1823A and an authority information column 1823B. Information showingwhether there is referral authority or update authority of the file foreach account name stored in the account name column 1823A is stored inthe authority information column 1823B. The authority information column1823B, for instance, as shown in FIG. 7, stores “read/write,” “readonly” and the like. “Read/write” shows that there is referral/updateauthority, and “read only” shows that there is only referral authority.

The personal time information column 1824 stores personal timeinformation such as the time the file was created or updated. Thepersonal time information column 1824, as shown in FIG. 8, has acreation time column 1824A, an access time column 1824B and an updatetime column 1824C. The creation time column 1824A is a column forstoring the time that the file was created. The access time column 1824Bis a column for storing the time that the created file was lastaccessed. The update time column 1824C is a column for storing the timethat the created file was updated.

Incidentally, when it is not necessary to manage the personal timeinformation as privacy information such as when there in only one onlinefile storage on the Internet 10, without managing the personal timeinformation with the file management table 180, the online file storagemay use the time information managed per file. Nevertheless, if thereare a plurality of online file storages and it is difficult to match thetime among the online file storages such as when the timezone isdifferent or the time is varied per online file storage, timeinformation per file is managed in the file management table 180 of thepersonal file management system 120.

The storage management information is now explained. The storagemanagement information column 183 storing the storage managementinformation has a storage identifier column 1831, a storage path namecolumn 1832, a storage account name column 1833, a storage accessauthority information column 1834, and an encryption key column 1835.

The storage identifier column 1831 stores a storage identifier of theonline file storage storing the files. The storage path name column 1832stores a storage path name for identifying a file with the name space ofsuch file managed by the online file storage upon storing the file inthe online file storage. This information is configured from a directoryhierarchy and a file name. For online file storages that use an IDinstead of a path name for storing files, an ID is used. The storageaccount name column 1833 stores an account name to be used upon storingthe file in the online file storage. The account name corresponds to thecreator of the file in the online file storage. The storage accessauthority information column 1834 stores the access authorityinformation concerning each stored file. The personal file managementsystem 120 determines which storage account is accessible to the fileduring file sharing, and sets such access authority information in theonline file storage. The storage access authority information is managedfor the purpose of storing the setting information in the personal filemanagement system 120. Thus, this information is not required if it isnot necessary to store the information. The encryption key column 1835stores an encryption key to be used upon encrypting the file and storingsuch file in the online file storage.

The share management information is now explained. The share managementinformation column 184 storing the share management information has ashare flag column 1841, a share destination entry number column 1842,and a file type column 1843.

The share flag column 1841 stores a share flag showing whether the fileis currently being shared. For instance, if the share flag is “ON” thisshows that the file is being shared, and if the share flag is “OFF” thisshows that the file is not being shared. The share destination entrynumber column 1842 stores an entry number in the file management table180 that manages the copy of the original file. In this embodiment, whensharing the file, the copy of the original file is created with anaccount that is different from the account during the original filecreation in an online file storage that is different from the onlinefile storage storing the original file. Information concerning the ownerof the original file is hidden and privacy is protected by teaching thelocation of the copied file to others. The file type column 1843 storesthe file type showing the difference whether it is an original file or acopied file. As the file type, for instance, “ORIG” or “COPY” is stored.When “ORIG” is stored, this shows that the file is an original file.When “COPY” is stored, this shows that the file is a copied file. Whenthe file is a copied file, since the privacy information in the filemanagement table 180 will be shared with the information of the originalfile, the contents in the entry will be invalid (N/A).

The file management table 180, for instance, as shown in FIG. 6 to FIG.8, stores “001” in the entry number column 181, “/DIR1/FILEA” in thepersonal path name column 1821, “USER1” in the personal account namecolumn 1822, “USER1: Read/Write” in the personal access authorityinformation column 1823, “2007/07/07” in the personal time informationcolumn 1824, “STR1” in the storage identifier column 1831, “/ABC/FILE_X”in the storage path name column 1832, “ACN1” in the storage account namecolumn, “No Data” in the storage access authority information column1834, “Key1” in the encryption key column 18353, “ON” in the share flagcolumn 1841, “003” in the share destination entry number column 1842,and “ORIG” in the file type column 1843.

FIG. 9 is a diagram showing an example of the anonymization triggertable 190. The anonymization trigger table 190 is a table that sets thetrigger for executing the anonymization support function unit 150. Theanonymization trigger table 190 has a trigger type column 191, a nexttrigger column 192, and a time interval column 193. The trigger typecolumn 191 stores the type of trigger that will execute theanonymization support function unit 150. As the trigger type, there arean access history anonymization trigger column 194, a dummy filecreation trigger column 195, and a password change trigger column 196.The access history anonymization trigger column 194, the dummy filecreation trigger column 195, and the password change trigger column 196are respectively set with a trigger for anonymizing the access history,a trigger for creating a dummy file, and a trigger for changing thepassword. As a result of anonymizing the access history, creating adummy file and changing the password based on the trigger set in theanonymization trigger table 190, it is possible to perform processingfor increasing the anonymity in the privacy protection file sharingsystem 1. The next trigger column 192 stores the next time that theanonymization processing is to be performed for each trigger type. Thetime interval column 193 shows the frequency of anonymizationprocessing. When the time interval is random, the anonymization triggeris decided randomly. When the time interval is daily, anonymizationprocessing is performed once a day.

The anonymization trigger table 190, for instance, as shown in FIG. 9,stores “access history anonymization trigger” in the trigger type column191, “2007/7/17 10:00 AM” in the next trigger column 192, and “random”in the time interval column 193.

The storage account management table 320 and the file system managementinformation table 330 stored in the online file storage 300 are nowexplained.

FIG. 10 is a diagram showing an example of the storage accountmanagement table 320. The storage account management table 320 has anaccount name column 321, a password column 322, and a passwordexpiration date column 323. The contents stored in the account namecolumn 321, the password column 322, and the password expiration datecolumn 323 are the same as the contents stored in the personal accountmanagement table 160, and the detailed explanation thereof is omitted.

FIG. 11 is a diagram showing an example of the file system managementinformation table 330. The file system management information table 330includes management information required upon storing files in thevolume 340, and explanatory information explained regarding the filecontents to be used upon searching for files.

The file system management information table 330 has a storage path namecolumn 331, a storage account name column 332, a storage-side accessauthority information column 333, a storage-side time information column334, an inode information column 335, and a pointer to the explanatoryinformation column 336. With the foregoing management information, thereis an entry of the file system management information table 330 perstored file.

The storage path name column 331 stores the storage path name of thefile stored in the online file storage. The storage account name column332 stores the storage account name that was used upon creating thefile. The storage account name corresponds to the owner of the file. Thestorage-side time information column 333 stores the file creation time,file access time, and file update time. The stored time is based on atimer (not shown) managed by the online file storage. The storage-sidetime information column 334 stores the same contents as the foregoingpersonal time information column 1824, and the detailed explanationthereof is omitted. The inode information column 335 stores inodeinformation for managing the position information regarding in whichphysical location the file was disposed in the volume 340. The pointerto the explanatory information column 336 stores the point showing thepath name of the explanatory information regarding the file contents.Explanatory information, for instance, is configured from text data.

The request format upon issuing a request to the initialization unit 130and the request processor 140 and the request format to be issued fromthe request processor 140 to the online file storage are now explainedwith reference to FIG. 12 to FIG. 24.

FIG. 12 is a diagram showing an example of initialization requestinformation upon the application 110 or a user issuing a command to thepersonal file management system 120 to create a file system.

As shown in FIG. 12, the initialization request information 131 has arequest type 132, an online file storage list 133, and a storage accountcount 134. If the request type 132 is “initialization,” the processingof the initialization unit 130 is executed. The online file storage list133 designates the online file storage group to be used by the createdfile system. The online file storages to be used are designated in astorage identifier list (for example, STR1 to STR3). The personal filemanagement system 120 determines the storage destination so that theonline file storages designating the file will be balanced during thefile creation. The storage account count 134 designates the number ofaccounts to be created in the respective online file storages 300, 400.If the storage account count is 10, the storage accounts to be usedduring the creation of a new file creation will be determined among the10 created storage accounts.

FIG. 13 is a diagram showing an example of the request format 141 whenthe application 110 request the personal file management system 120 tocreate a file.

As shown in FIG. 13, the request format 141 has a request type 142, apersonal path name 143, a personal account name 144, a data size 145,and a pointer to data 146. The request type 142 is set as “filecreation.” The personal path name 143 designates the path name of thefile to be created in the name space managed by the personal filemanagement system 120. The personal account name 144 designates withwhich personal account the file is to be created. The data size 145 isthe size of data. The pointer to data 146 shows the address in thememory 102 of the PC 100 storing the data in the created file.

FIG. 14 is a diagram showing an example of the request format 500 whenthe personal file management system 120 requests the online file storageto create a file.

As shown in FIG. 14, the request format 500 has a request type 501, astorage path name 502, a storage account name 503, a data size 504, anda data 505. The request type 501 is set as “file creation.” The datasize 504 and the data 505 are designated according to the file creationrequest to the personal file management system 120. The storage pathname 502 and the storage account name 503 are the same as the foregoingexplanation, and the detailed explanation thereof is omitted.

FIG. 15 is a diagram showing an example of the request format 510 whenthe application 110 requests the personal file management system 120 torefer to a file.

The request format 510 has a request type 511, a personal path name 512,and a personal account name 513. The request type 511 is set as “filereferral.” The personal path name 512 designates the path name in thename space managed by the personal file management system 120. Thepersonal account name 513 designates with which personal account thefile is to be referred.

FIG. 16 is a diagram showing an example of the request format 520 whenthe personal file management system 120 requests the online file storageto refer to a file.

The request format 502 has a request type 521, a storage path name 522,and a storage account name 523. The request type 521 is set as “filereferral.” The storage path name 522 and the storage account name 523are the same as the foregoing explanation, and the detailed explanationthereof is omitted.

FIG. 17 is a diagram showing an example of the request format 530 whenthe application 110 requests the personal file management system 120 toupdate the file.

The request format 530 has a request type 531, a personal path name 532,a personal account name 533, an offset 534, a size 535, and a pointer todata 536. The request type 531 is set as “file update.” The personalpath name 532 designates the path name in the name space managed by thepersonal file management system 120. The personal account name 533designates with which personal account the file is to be referred. Theoffset 534 and the size 535 designate the position from the top of thefile in which the data is to be updated. The pointer to data 536 showsthe address in the memory 102 of the PC 100 storing the data in the fileto be created.

FIG. 18 is a diagram showing an example of the request format 540 whenthe personal file management system 120 requests the online file storageto update the file.

As shown in FIG. 18, the update format 540 has a request type 541, astorage path name 542, a storage account name 543, an offset 544, a size545, and a data 546. The request type 541 is set as “file update.” Thestorage path name 542, the storage account name 543, the offset 544, andthe size 545 are the same as the foregoing explanation, and the detailedexplanation thereof is omitted. The data 545 is the file contents.

FIG. 19 is a diagram showing an example of the request format 550 whenthe application 110 requests the personal file management system 120 todelete the file.

As shown in FIG. 19, the request format 550 has a request type 551, apersonal path name 552, and a personal account name 553. The requesttype 551 is set as “file deletion.” The personal path name 552designates the path name in the name space managed by the personal filemanagement system 120. The personal account name 553 designates withwhich personal account the file is to be referred.

FIG. 20 is a diagram showing an example of the request format 560 whenthe personal file management system 120 requests the online file storageto delete the file.

As shown in FIG. 20, [the request format 560] has a request format 560,a request type 561, a storage path name 562, and a storage account name563. The request type 561 is set as “file deletion.” The storage pathname 562 and the storage account name 563 are the same as the foregoingexplanation, and the detailed explanation thereof is omitted.

Outline of the processing when the sharing and searching of the file arerequested to the request processor 140 is now explained. FIG. 21 is adiagram explaining the outline of this processing. In FIG. 21, a case isexplained where the online file storages for sharing the file are onlinefile storages 01, 02, and the applications and the personal filemanagement systems are respectively applications 1, 2, and personal filemanagement systems P1, P2. When corresponding this with theconfiguration shown in FIG. 1, for instance, the application 01corresponds to the application 110, the application 02 corresponds tothe application 210, the personal file management system P1 correspondsto the personal file management system 120, and the personal filemanagement system P2 corresponds to the personal file management system220.

A case of issuing a share request from the application 1 to the personalfile management system P1 is foremost explained. This share request, forinstance, includes a personal path name N1, a personal account U1, astorage identifier 02, and explanatory information D1. Subsequently, thepersonal file management system P1 reads the storage path name N2, thestorage account U2, and the file from the online file storage 01. Thepersonal file management system P1 thereafter uses the storage path nameN3 and the storage account U3 to create a shared file in the online filestorage 02. Next, the personal file management system P1 adds theexplanatory information D1 to the online file storage 02 by using thestorage path name N3. As a result of performing these four processes(corresponding to processes (1) to (4) in FIG. 21), the share sourcefile (storage path name N2) in the online file storage 01 can be sharedwith the share destination file (storage path name N3) in the onlinefile storage 02.

A case of issuing a file search request from the application 2 to thepersonal file management system P2 is now explained. This searchrequest, for instance, includes a search keyword, and a personal accountU4. Subsequently, the personal file management system P2 uses thestorage account U5 and the search keyword to search inside the onlinefile storage 02. The personal file management system P2 thereafterreceives the search result, the storage path name N3, and theexplanatory information D1 from the online file storage 02. Next, thepersonal file management system P2 outputs the search result, thepersonal path name N4, and the explanatory information D1 to theapplication 2. As a result of performing these four processes(corresponding to processes (5) to (8) in FIG. 21), the search result isoutput to the application 2.

FIG. 22 is a diagram showing an example of the request format 570 whenthe application 110 requests the personal file management system 120 toshare the file.

As shown in FIG. 22, the request format 570 has a request type 571, apersonal path name 572, a personal account name 573, a shared storageidentifier 574, and explanatory information 575. The request type 571 isset as “file sharing request.” The personal path name 572 designates thepath name in the name space managed by the personal file managementsystem 120. The personal account name 573 designates with which personalaccount the file sharing request is to be issued. The shared storageidentifier 574 determines which online file storage (hereinafterreferred to as the “share destination online file storage”; while thestorage to store the original file is hereinafter referred to as the“share source online file storage 300”) the file to be shared is to becopied. The explanatory information 575 is information for designatingthe information explaining the contents of the file to be shared.

FIG. 23 is a diagram showing an example of the request format 580 whenthe application 210 requests the personal file management system 220 tosearch for a file.

As shown in FIG. 23, the request format 580 has a request type 581, apersonal account name 582, and a search keyword 583. The request type581 is set as “file search.” The personal account name 582 is a personalaccount name to be set when a new entry is to be allocated to thesearched file in the file management table 180. The search keyword 583is an arbitrary character string, and is used for searching a filecorresponding to the explanatory information containing the characterstring.

FIG. 24 is a diagram showing an example of the request format 590 whenthe application 110 requests the personal file management system 120 tomanage the account.

As shown in FIG. 24, the request format 590 has a request type 591, apersonal account name 592, a new password 593, and a storage accountlink 594. The request type 591 is set as “account creation or accountdeletion or password change.” In other words, one among accountcreation, account deletion, or password change will be the request type.Account creation is a request for creating a new personal account,account deletion is a request for deleting an existing personal account,and password change is a request for changing the password of anexisting personal account. The personal account name 592 shows thepersonal account name to be processed. The new password 593 is only usedwhen creating an account and changing the password. The storage accountlink 594 is a flag for creating a storage account together with apersonal account when creating an account, and changing the password ofthe storage account together with the password change of the personalaccount when changing the password.

The processing to the executed by the initialization unit 130 of thepersonal file management system 120 is now explained. FIG. 25 is aflowchart showing the processing to be executed by the initializationunit 130.

When the initialization unit 130 receives the initialization request 131explained with reference to FIG. 12 from the (S101), it initializes thefile management table 180 (S102). This initialization specificallyclears all entries of the file management table 180. Subsequently, theinitialization unit 130 initializes the personal account managementtable 160 (S103), and then initializes the storage management table 170(S104). The initialization unit 130 thereafter randomly creates storageaccount names in the quantity of the storage account count 134 of theinitialization request in the respective online file storages designatedin the online file storage list 133 of the initialization request(S105). After creation, the initialization unit 130 registersinformation on the created storage accounts in the storage managementtable 170 (S106). Processing by the initialization unit 130 is therebycomplete.

Although not shown in FIG. 25, when deleting the file system, thecorresponding files are deleted from the online file storage regardingall files being managed by the file management table 180, all storageaccounts are subsequently deleted upon referring to the storagemanagement table 170, and the contents of the file management table 180,the personal account management table 160 and the storage managementtable 170 are lastly cleared. Deletion of the file system is therebycomplete.

The processing to be executed by the request processor 140 of thepersonal file management system 120 is now explained. FIG. 26 is aflowchart showing the processing to be executed by the request processor140.

When the request processor 140 receives the file creation requestexplained with reference to FIG. 13, the file referral request explainedwith reference to FIG. 15, the file update request explained withreference to FIG. 17, the file deletion request explained with referenceto FIG. 19, the file share request explained with reference to FIG. 22,the file search request explained with reference to FIG. 23, the accountmanagement request explained with reference to FIG. 24 and so on fromthe application 110 (S201), it determines the request type (S202). Thisdetermination is made based on the setting of the request type ofrequest format of the received request.

If the request type is determined to be file creation at step S202, therequest processor 140 executes the file creation processing (S203). Ifthe request type is determined to be file referral at step S202, therequest processor 140 executes the file referral processing (S204). Ifthe request type is determined to be file update at step S202, therequest processor 140 executes the file update processing (S205). If therequest type is determined to be file deletion at step S202, the requestprocessor 140 executes the file deletion processing (S206). If therequest type is determined to be file sharing at step S202, the requestprocessor 140 executes the file share processing (S207). If the requesttype is determined to be non-file sharing at step S202, the requestprocessor 140 executes the file unshare processing (S208). If therequest type is determined to be file search at step S202, the requestprocessor 140 executes the file search processing (S209). If the requesttype is determined to be account management at step S202, the requestprocessor 140 executes the account management processing (S210).

Like this, when any processing corresponding to the determination atstep S202 is ended, this processing is complete. Details concerning therespective processing routines of the file creation processing (S203),the file referral processing (S204), the file update processing (S205),the file deletion processing (S206), the file share processing (S207),the file search processing (S209), and the account management processing(S210) will be explained later with reference to FIG. 27 to FIG. 33.

The file creation processing to be executed by the request processor 140is foremost explained. FIG. 27 is a flowchart showing the file creationprocessing. In this file creation processing, the request processor 140creates a new entry in the file management table 180, manages theprivacy information with the new entry, and creates a file in the onlinefile storage 300.

The request processor 140 creates a new entry in the file managementtable 180 (S301). The request processor 140 sets information in the filemanagement table 180. Specifically, the request processor 140 setsinformation designated in the file creation request in the personal pathname column 1821 and the personal account name column 1822 of the filemanagement table 180. The request processor 140 configures the settingin the personal access authority information column 1823 according tothe configuration policy of the access authority set per directory towhich the file belongs. For example, the setting may be such that onlythe owner is able to read/write, and the other accounts are read only.The request processor 140 sets the current time in the personal timeinformation column 1824 by referring to a time (not shown) of thepersonal file management system 120. Since files are not shared duringfile creation, the share flag column 1841 is set to “OFF,” the sharedestination entry number column 1842 is set to “N/A,” and the file typecolumn 1843 is set to “ORIG.” When the request processor 140 is toencrypt and store the data, it determines an encryption key and sets thedetermined encryption key in the encryption key column 1835 of the entryof the file management table 180 (S302).

Subsequently, the request processor 140 refers to the used file countcolumn 175 of the storage management table 170, and finds the entry withthe smallest number. The storage identifier of the online file storagein which the file is to be created and the storage account name to beused during file creation are thereby determined (S303). Anotherembodiment where a plurality of different personal accounts use the samestorage account to create the respective files is also possible.

The request processor 140 thereafter randomly determines the storagepath name. Thereupon, [the request processor 140] checks whether thesame storage path name exists in the online file storage 300, anddetermines a unique storage path name (S304).

Subsequently, the request processor 140 sets the determined storageidentifier, storage path name, and storage account name in the filemanagement table 180 (S305). If necessary, the storage access authorityinformation is set during file sharing.

The request processor 140 thereafter logs onto the online file storageusing the password corresponding to the decided storage account name,and creates a file of the determined path name (S306). An example of therequest format 500 of the file creation request to the online filestorage has been described with reference to FIG. 14 above. The requestprocessor 140 sends a file creation completion reply to the application110 of the request source (S307). The file creation processing isthereby complete.

The file referral processing to be executed by the request processor 140is now explained. FIG. 28 is a flowchart showing the file referralprocessing. In this file referral processing, the request processor 140specifies the file in the online file storage corresponding to thepersonal path name requested from the file management table 180, readsthe file from the online file storage, and thereafter returns the readfile to the application 110.

Foremost, the request processor 140 searches for the respective entriesof the file management table 180, and picks out the entry that matchesthe designated personal path name (S401). Then, the request processor140 refers to the personal access authority information column 1823 ofthe file management table 180, and determines whether the designatedaccount has the authority to refer to the file (S402). If it isdetermined at step S402 that there is no authority, the requestprocessor 140 returns an access authority error to the application 110of the request source, and then ends the processing (S403).

Meanwhile, if it is determined at step S402 that there is authority, therequest processor 140 determines the storage identifier, storage pathname, and storage account name corresponding to the personal path namefrom the entry of the file management table 180 (S404). Then, therequest processor 140 logs onto the online file storage corresponding tothe determined storage identifier using the password corresponding tothe determined storage account name, and reads the files correspondingto the determined storage path name (S405). An example of the requestformat 520 of the file referral request to the online file storage hasbeen explained with reference to FIG. 16 above.

Subsequently, the request processor 140 updates the access time of thepersonal time information column 1824 of the file management table 180(S406), returns the read file to the application 110, and then ends theprocessing (S407). The file referral processing is thereby complete.

The file update processing to be executed by the request processor 140is now explained. FIG. 29 is a flowchart showing the file updateprocessing. In this file update processing, the request processor 140specifies the file in the online file storage corresponding to thepersonal path name requested from the file management table 180, andupdates the file in the online file storage with update data.

Foremost, the request processor 140 searches for the respective entriesof the file management table 180, and picks out the entry that matchesthe designated personal path name (S501). The request processor 140refers to the personal access authority information column 1823 of thefile management table 180, and determines whether the designated accounthas the authority to update the file (S502). If it is determined at stepS502 that there is no authority, the request processor 140 returns anaccess authority error to the application 110 of the request source, andthen ends the processing (S503).

Meanwhile, if it is determined at step S502 that there is no authority,the request processor 140 determines the storage identifier, storagepath name, and storage account name corresponding to the personal pathname from the entry of the file management table 180 (S504).

Then, the request processor 140 logs onto the online file storagecorresponding to the determined storage identifier using the passwordcorresponding to the determined storage account name, and updates thefiles corresponding to the determined storage path name with thedesignated data (S505). An example of the request format 540 of the fileupdate request to the online file storage has been explained withreference to FIG. 18 above.

Subsequently, the request processor 140 updates the access time andupdate time of the personal time information column 1824 of the filemanagement table 180 (S506), and sends a reply to the application 110 ofthe request source (S507). The file update processing is therebycomplete.

The file deletion processing to be executed by the request processor 140is now explained. FIG. 30 is a flowchart showing the file deletionprocessing. In this file deletion processing, the request processor 140specifies the file in the online file storage corresponding to thepersonal path name requested from the file management table 180, deletesthe file from the online file storage, and thereafter also deletes theentry of the file management table 180. Since the copied files of theoriginal files to be deleted are also deleted during file sharing, thisprocessing will be called recursively.

Foremost, the request processor 140 searches for the respective entriesof the file management table 180, and picks out the entry that matchesthe designated personal path name (S601). Then, the request processor140 refers to the personal account name column 1822 of the filemanagement table 180, and determines whether the designated account isan owner allowed to delete the files (S602). If it is determined at stepS602 that this is not the owner, the request processor 140 returns anaccess authority error to the application 110 of the request source, andthen ends the processing (S603).

Meanwhile, if it is determined at step S602 that this is the owner, therequest processor 140 refers to the share flag column 1841 of the filemanagement table 180, and determines whether the file is currently beingshared (S604). If it is determined at step S604 that the file is beingshared, the request processor 140 specifies a copied file of the filefrom the file management table 180, and recursively executes the filedeletion processing in order to delete the file (S605).

Subsequently, if it is determined at step S602 that the file is beingshared, or when the shared file is deleted at step S605, the requestprocessor 140 determines the storage identifier, storage path name, andstorage account name corresponding to the personal path name from thefile management table 180 (S606).

Then, the request processor 140 logs onto the online file storagecorresponding to the determined storage identifier using the passwordcorresponding to the determined storage account name, and deletes thefiles corresponding to the determined storage path name (S607). Anexample of the request format 560 of the file deletion request to theonline file storage has been explained with reference to FIG. 20 above.

Then, the request processor 140 deletes the entry corresponding to thedeleted file from the file management table 180 (S608), and sends areply to the application 110 of the request source (S609). The filedeletion processing is thereby complete.

The file share processing to be executed by the request processor 140 isnow explained. FIG. 31 is a flowchart showing the file share processing.In this file share processing, the request processor 140 specifies thefile in the online file storage corresponding to the personal path namerequested from the file management table 180, creates a copy of the filein the online file storage designated together with the explanatoryinformation, and manages the relationship of the original and copy inthe file management table 180. FIG. 31 shows the details of the fileshare processing schematically explained with reference to FIG. 21.

Foremost, the request processor 140 searches for the respective entriesof the file management table 180, and picks out the entry that matchesthe designated personal path name (“personal path name N1” in FIG. 21)(S701). Then, the request processor 140 refers to the personal accountname column 1822 of the file management table 180, and determineswhether the designated account (“personal account U1” in FIG. 21) is anowner allowed to share files (S702). If it is determined at step S702that the owner is not allowed to share files, the request processor 140returns an access authority error to the application 110 of the requestsource, and then ends the processing (S703).

Meanwhile, if it is determined at step S702 that the owner is allowed toshare files, the request processor 140 creates a new entry where thefile type column 1843 of the file management table 180 is “COPY.”Thereupon, “N/A” is set in the personal path name column 1821 and thepersonal account name column 1822 (S704).

Then, the request processor 140 sets “ON” in the share flag column 1841,sets the number of the new entry in the share destination entry numbercolumn 1842, and updates the share management information of the sharesource file in relation to entries of the file management table 180corresponding to the file to be shared (S705).

Subsequently, the request processor 140 randomly determines the storagepath name (“N2” in FIG. 21) for the copied file so that it will beunique in the share destination online file storage (“online filestorage 02” in FIG. 21). The request processor 140 additionallydetermines the storage account name (“U2” in FIG. 21) upon creating acopied file in the share destination online file storage from thestorage management table 170. Then, the request processor 140 sets thestorage identifier, storage path name, and storage account name of theshare source file in the new entry of the file management table 180.“OFF” is set in the share flag and “N/A” is set in the share destinationentry number (S706).

Subsequently, the request processor 140 determines the storageidentifier, storage path name, storage account name (storage identifier01, storage path name N2, storage account name U2 in FIG. 21)corresponding the file to be shared (hereinafter referred to as the“share source file”) from the file management table 180 (S707).

The request processor 140 thereafter reads the share source file fromthe share source online file storage (“online file storage 01 in FIG.21) (S708), and creates the file read from the share source online filestorage using the storage account name (“U3” in FIG. 21) in the sharedestination online file storage as a new file designated with thestorage path name (“N3” in FIG. 21) (S709).

Subsequently, the request processor 140 changes the storage-side accessauthority of the file designated with the storage path name (“N3” inFIG. 21) in the share destination online file storage to be accessiblefrom any storage account (S710). Nevertheless, as another embodiment,the setting may be configured such that access is only allowed from aspecific storage account group. If necessary, the contents set to theshare destination online file storage 300 may be retained in the storageaccess authority information column 1834 of the file management table180 of the personal file management system 120.

The request processor 140 thereafter uses the storage path name (“N3” inFIG. 21) to add the explanatory information D1 to the share destinationfile in the share destination online file storage. The share destinationonline file storage stores the explanatory information D1 in one's ownfile system, and sets a pointer to the explanatory information D1 in theentry corresponding to the file with one's own file system managementinformation (S711). The file share processing is thereby complete.

The file unshare processing to be executed by the request processor 140is now explained. In the file unshare processing, the request processor140 deletes the share management information of the file that is not tobe shared from the file management table 180, deletes the entry of thecorresponding copied file, and deletes the copied file and theexplanatory information from the online file storage storing the copy.

The file search processing to be executed by the request processor 140is now explained. FIG. 32 is a flowchart showing the file searchprocessing. In this file search processing, when the request processor140 receives the personal account name (“U4” in FIG. 21) and the searchkeyword (for instance, W1) from the application 210, it searches thefile containing the search keyword from the online file storage, andregisters the searched file as a new file in the file management table180.

Foremost, the request processor 140 (request processor in the personalfile management system P2 in FIG. 21) selects an arbitrary storageaccount name (“U5” in FIG. 21) corresponding to the online file storage(online file storage 02 in FIG. 21) to be searched from the storagemanagement table 170. When there are a plurality of online file storagesto be searched, the following processing is repeated for each onlinefile storage (S801).

Subsequently, the request processor 140 issues a search request to theonline file storage by designating a search keyword (for instance, “W1”)targeting the file group that can be accessed by the selected storageaccount name (S802). The online file storage-side searches for theexplanatory information (“D1” in FIG. 21) corresponding to the filegroup accessible from the designated storage account, and returns a listto the request processor 15 with the path name of the file groupmatching the search keyword and the corresponding explanatoryinformation (“N3” and “D1” in FIG. 21) as a set.

The request processor 140 thereafter obtains, as the search result, alist of the storage path name and the explanatory information (“N3” and“D1” in FIG. 21) as a set (S803).

Subsequently, the request processor 140 creates a new entry in the filemanagement table 180 for each obtained storage path name (N3), andallocates and sets the arbitrary unique personal path name (N4). As thepersonal account name, the personal account name (“U4” in FIG. 21)designated by the application 110 in the search request is set. Thepersonal access information authority also follows the configurationpolicy as in the case during file creation. Information (“02”, “N3,”“U5” in FIG. 21) at steps S801 and S803 is set in the storage identifiercolumn 1831, the storage path name column 1832, and the storage accountname column 1833. The share management information column 184 iscleared.

The request processor 140 thereafter returns to the application 110, asthe search result, a list with the newly created personal path and thecorresponding explanatory information (“N4” and “D1”) as a set (S805).The file search processing is thereby complete. The application 110 willbe able to access the searched file by designating the personal pathname (“N4”).

The account management processing to be executed by the requestprocessor 140 is now explained. FIG. 33 is a flowchart showing theaccount management processing. In this account management processing,the request processor 140 creates and deletes the account in and fromthe personal file management system 120, and requests the changing ofthe password.

Foremost, the request processor 140 determines the request type of theaccount management. The request type is determined based on theinformation set in the request type column 591 of the request format 590explained with reference to FIG. 24 (S901). If the request type is“account creation,” the routine proceeds to step S902, if the requesttype is “account deletion,” the routine proceeds to step S905, and ifthe request type is “password change,” the routine proceeds to stepS906.

If it is determined at step S901 that the request type is “accountcreation,” the request processor 140 adds a new entry to the personalaccount management table 160, and sets the personal account name,password, and password expiration date designated in the accountmanagement request. As the password expiration date, a periodpredetermined by the system is set (S902).

Then, the request processor 140 determines whether the storage accountis to also be changed (S903), and this is determined based on whetherthe flag of the storage account link of the account management requestis “ON” or “OFF.” If the flag is “OFF,” the processing is ended.

Meanwhile, if the flag is “ON,” the request processor 140 randomlyselects the online file storage from the storage management table 160,and thereafter randomly determines the unique new storage account in theonline file storage and the account password. Finally, the [requestprocessor 140] creates the storage account in the online file storage,and adds a new entry in the storage management table 160 (S904).

If it is determined at step S901 that the request type is “accountdeletion,” the request processor 140 deletes the entry of the designatedpersonal account from the personal account management table 160, andthen ends the processing.

Meanwhile, if it is determined at step S901 that the request type is“password change,” the request processor 140 searches for the entrycorresponding to the personal account name designated in the accountmanagement request from the personal account management table 160, andupdates the password with the designated password. The passwordexpiration date is also reset to a new value (S906).

Subsequently, the request processor 140 determines whether the storageaccount should also be changed (S907). This is determined based onwhether the flag of the storage account link of the account managementrequest is “ON” or “OFF.” If the flag is “OFF,” the processing iscomplete.

Meanwhile, if the flag is “ON,” the request processor 140 refers to thefile management table 180, and lists all files created in the personalaccount name designated in the account management request. The [requestprocessor 140] lists the storage accounts used upon storing all files inthe list into the online file storage, randomly determines a passwordfor all storage accounts in the list, and requests the online filestorage change the password of the storage account. Finally, the[request processor 140] updates the password column and the passwordexpiration date column of the storage management table 170 (S908).

The processing of the anonymization support function unit 150 is nowexplained. FIG. 34 is a flowchart showing the processing to be executedby the anonymization support function unit 150. The anonymizationsupport function unit 150 accesses files in the online file storageirrelevant to the file access request from the application 110,maintains the anonymity concerning the access history by creating arandom file, and prevents the cracking of passwords by periodicallychanging the password of the storage account.

Foremost, the anonymization support function unit 150 refers to theanonymization trigger table 190 explained with reference to FIG. 9, anddetermines whether it is an access history anonymization trigger bycomparison with the current time obtained from a timer (not shown)(S1001). If it is determined that this is an access historyanonymization trigger, the anonymization support function unit 150randomly selects a file from the file management table 180 (S1002), andaccesses the file in the online file storage. Thereupon, the timeinformation managed by the file management table 180 of the personalfile management system 120 is not updated. Whether to read or write dataduring the file access is determined randomly. In the case of writedata, data is read once and then such data is written into the sameposition of the file in order to prevent the file contents from changing(S1003).

When the processing at step S1003 is ended, or if it is determined atstep S1001 that the trigger is not an access history anonymizationtrigger, the anonymization support function unit 150 refers to theanonymization trigger table 190, and determines whether the trigger is adummy file creation trigger (S1004). If it is determined to be a dummyfile creation trigger, the anonymization support function unit 150randomly selects the online file storage and the storage account namefrom the storage management table 170 (S1005). The anonymization supportfunction unit 150 randomly determines a storage path name that does notexist in the online file storage, and then randomly determines the filesize and data contents (S1006). Subsequently, the anonymization supportfunction unit 150 creates a dummy file in the selected online filestorage with the determined storage path name using the selected storageaccount. After creation, the [anonymization support function unit 150]adds the management information of the dummy file to the file managementtable 180 (S1007).

When the processing at step S1007 is ended, or if it is determined atstep S1004 that the trigger is not a dummy file creation trigger, theanonymization support function unit 150 refers to the anonymizationtrigger table 190, and determines whether the trigger is a passwordchange trigger (S1008). If it is determined that it is a password changetrigger, the anonymization support function unit 150 determines a randomnew password for all storage accounts of the storage management table170 (S1009). Then, the anonymization support function unit 150 updatesthe password of the storage account with the new password in the onlinefile storage (S1010). Subsequently, the anonymization support functionunit 150 updates the password column 173 of the storage management table170 with the new password (S1011). If it is determined that it is notthe processing at step S1011 or the password change trigger at stepS1008, the processing is ended.

According to this first embodiment, since the privacy protection filesharing system 1 is configured such that the privacy information capableof identifying individuals is separated from the information used forprocessing the file in the online file storage when a user is to createor update files in the online file storage, it is possible to protectthe privacy information of users without hampering the convenience ofusers, and prevent the online file storage-side from specifying theprivacy information of users.

The privacy protection file sharing system 1 is also able to share dataamong a plurality of individuals via the online file storage whileprotecting the privacy information of users.

Second Embodiment

The second embodiment is now explained. The second embodiment differsfrom the first embodiment in that it protects privacy information bypartitioning a single file into a plurality of subfiles, and storing therespective subfiles in separate online file storages. Thus, thefollowing explanation focuses on the differences between the first andsecond embodiments, and the detailed explanation thereof is omitted.

FIG. 35 is a diagram schematically showing the configuration of aprivacy protection file sharing system 2 in the second embodiment. Asshown in FIG. 35, in the privacy protection file sharing system 2, whenthe personal file management system 620 is to create a new file X610,the file X610 is sectioned at the 0^(th), 100^(th) and 250^(th) offset,and partitioned into the three subfiles of subfile L632, subfile M642,and subfile N652. These subfiles are respectively stored in the onlinefile storages 630, 640, 650.

FIG. 36 is a diagram showing the file management table 180 managed bythe personal file management system 620 in the system 2. The secondembodiment differs from the first embodiment in that a subfileconfiguration information column 185 is provided. The other elements arethe same as the first embodiment and are given the same referencenumeral, and the detailed explanation thereof is omitted.

The subfile configuration information column 185 has an offset column1851, a size column 1852, and a next entry column 1853. The subfileconfiguration information stored in the subfile configurationinformation column 185 shows how the file has been partitioned, and thetype of continuity among the subfiles.

As shown in FIG. 36, in the offset column 1851, from the top to the100^(th) address of the file X610 is sectioned as the first subfile,from the 100^(th) address to the 250^(th) address of the file X610 issectioned as the second subfile, and from the 250^(th) address to the300^(th) address of the file X610 is sectioned as the third subfile. Thesize column 1852 shows the size of the respective subfiles (files L, M,N). The next entry column 1853 shows the order among the subfiles. Thesubfile of entry number 001 follows the subfile of entry number 002.Since the subfile of entry number 003 is at the end, “N/A” is stored inthe next entry column 1853.

In the second embodiment, since the files in the online file storages630, 640, 650 are associated for each subfile L632, subfile M642, andsubfile N652, the correspondence is managed with the information storedin the storage identifier column 1831 of the storage managementinformation column 183 in the file management table 180. In FIG. 36, thesubfile of entry number 001 is associated with the file designated withthe storage path name “/ABC/FILE_X” of the online file storage 630identified by the storage identifier “STR1.”

According to the second embodiment, since one file X610 can bepartitioned into three subfiles L, M, N and be respectively stored inthe online file storages 630, 640, 650, it is possible to increase theprotection level of privacy information even further than the firstembodiment.

Third Embodiment

The third embodiment is now explained. The third embodiment differs fromthe first embodiment in that the IP address is anonymized when a uniqueIP (Internet Protocol) address is allocated to each PC. Thus, thefollowing explanation focuses on the differences between the first andthird embodiments, and the detailed explanation thereof is omitted.

FIG. 37 is a diagram schematically showing the configuration of aprivacy protection file sharing system 3 in the third embodiment. Theprivacy protection file sharing system 3 is configured such that aplurality of PCs 710, 720, 730 are connected to the online file storage750 via the proxy server 740. Each PC 710, 720, 730 has a unique IPaddress 712, 722, 732. The proxy server 740 also has a unique IP address741.

When the personal file management system (not shown) contained in eachPC 710, 720, 730 issues a request to create a file in the online filestorage 750, as a result of the proxy server 740 replacing the IPaddress of the source PC with the IP address of the proxy server, theonline file storage 750 will recognize a request from any one of theplurality of PCs 710, 720, 730 to be a request from the proxy server740.

According to the third embodiment, since the online file storage 750will recognize the requests concerning the online file storage 750 froma plurality of PCs 710, 720, 730 to all be requests from all proxyserver 740, anonymity of the IP address of the respective PCs 710, 720,730 can be protected even further.

Other Embodiments

Although the foregoing first embodiment explained a case where thepresent invention is a file sharing system 1 including a PC 100, aportable terminal 200, and online file storages 300, 400 connected tothe PC 100 and the portable terminal 200 via the Internet, and forstoring files from at least the PC 100 or the portable terminal 200 intothe online file storages 300, 400 and sharing the stored files with thePC 100 and the portable terminal 200, wherein the PC 100 separates, whencreating a file in the online file storage 300, privacy information thatidentifies a user creating the file from information required forcreating the file in the online file storage 300, and creating the filein the online file storage 300 by using information obtained byconverting the separated privacy information (S203), the presentinvention is not limited to the foregoing configuration. Sinceinformation capable of identifying individuals can be separated from theonline file storage 300, the anonymity of users on the Internet 10 canbe ensured.

Further, although the foregoing first embodiment explained a case wherethe present invention is a file sharing system 1 including a PC 100, aportable terminal 200, and online file storages 300, 400 connected tothe PC 100 and the portable terminal 200 via the Internet, and forstoring files from at least the PC 100 or the portable terminal 200 intothe online file storages 300, 400 and sharing the stored files with thePC 100 and the portable terminal 200, wherein the PC 100 comprises afile management table 180 for at least managing privacy informationcontaining a personal account name and a personal path that identify auser creating a file, and storage management information containing astorage account name that is different from the personal account and astorage path name is different from the personal path name, aregistration unit (S305) for creating the storage account name and thestorage path name from the personal account name and the personal pathname upon creating a new file in the online file storage 300, andassociating and registering the personal account name and the personalpath name in the file management table 180, and a file creation unit(S306) for creating the new file in the online file storage 300 by usingthe storage account name and the storage path name registered in thefile management table 180, the present invention is not limited to theforegoing configuration. Since information capable of identifyingindividuals can be separated from the online file storage 300, theanonymity of users on the Internet 10 can be ensured.

Although the privacy information in the foregoing first embodimentincludes personal account name, personal path name, group to which thepersonal account name belongs, type of file, access authority of thefile, and time that the information processing unit accessed the onlinefile storage 300, and such information are managed by the filemanagement table 180, the present invention is not limited to this caseof managing the privacy information with the file management table 180.

Although the foregoing first embodiment explains a case where the PC 100comprises an encryption unit (S302) for encrypting a new file, and thefile creation unit (S306) creates the new file encrypted with theencryption unit in the online file storage 300, and the file managementtable 180 manages an encryption key that associates the personal accountname and the personal path name and decrypts the encrypted new file, thepresent invention is not limited to the foregoing configuration. As aresult of using an encryption key as described above, it is possible toallow only the personal file management system 120 managing theencryption key to refer to data.

Although the foregoing first embodiment explains a case where the filecreation unit (S306) of the PC 100, upon creating a first new file,creates the first new file encrypted with the encryption unit by using afirst encryption key in the online file storage 300 by using the storageaccount name, and the file creation unit of the portable terminal 200,upon creating a second new file, creates the second new file encryptedwith the encryption unit by using a second encryption key in the onlinefile storage 300 by using the storage account name, the presentinvention is not limited to the foregoing configuration. Even though thesame account is used as described above, by using different encryptionkeys, the correspondence relationship of the file group stored in theonline file storage and the owner can be anonymized.

Although the foregoing first embodiment explains a case where theregistration unit (S305), upon creating the storage account name fromthe personal account name, allocates the storage account name which isdifferent per file to a file group created by using the personal accountname, and the file creation unit (S306) creates the respective files inthe online file storage 300 by using the storage account name which isdifferent per file, the present invention is not limited to theforegoing configuration.

Although the foregoing first embodiment explains a case where theregistration unit (S305), upon creating the new file, selects a storageaccount name with the fewest files from the storage account name whichis different per file, and the file creation unit (S306) creates thefile in the online file storage 300 by using the selected storageaccount name, the present invention is not limited to the foregoingconfiguration. As a result of selecting the storage account name withthe fewest files as described above, anonymity can be further increasedsince the number of files can be averaged.

Although the foregoing first embodiment explains a case where the PC 100comprises an access authority determination unit (S402) for referring tothe file management table 180 and determining, upon receiving a readrequest of a file designated by using the personal account name and thepersonal path name, whether there is access authority of the readrequested file, and a read processor (S405) for referring to the filemanagement table 180, issuing a read request to the online file storage300 by using a storage account name and a storage path name associatedwith the read requested file, and reading the read requested file sentfrom the online file storage 300 based on the request of the readrequest unit, the present invention is not limited to the foregoingconfiguration.

Although the foregoing first embodiment explains a case where the PC 100comprises an access authority determination unit (S502) for referring tothe file management table 180 and determining, upon receiving a writerequest of a file designated by using the personal account name and thepersonal path name, whether there is access authority of the writerequested file, and an update processor (S505) for referring to the filemanagement table 180, issuing a write request to the online file storage300 by using a storage account name and a storage path name associatedwith the write requested file, and updating the write result of thewrite requested file from the online file storage 300 based on the writerequest, the present invention is not limited to the foregoingconfiguration.

Although the foregoing first embodiment explained a case where the filemanagement table 180 further manages time information per registeredfile, and the PC 100 further includes an access unit (S1001 to S1003)that does not update time information in the file management table 180of files decided randomly from the management table and accesses therandomly decided files in the online file storage 300 at a randomlydecided time, the present invention is not limited to the foregoingconfiguration. As a result of updating only the time information in theonline file storage 300 as described above, the anonymity of accesshistory information of the user can be ensured.

Although the foregoing first embodiment explained a case where the PC100 comprises a dummy file creation unit (S1004 to S1007) for creating anew file containing random contents in the online file storage 300, thepresent invention is not limited to the foregoing configuration. As aresult of creating this kind of dummy file as described above, even whena third party refers to the online storage file, it will be difficult todiscover a file capable of identifying personal information.

Although the foregoing first embodiment explained a case where theonline file storage 300 comprises a storage account management table 320for managing a password associated with the storage account name, andthe PC 100 comprises a password change unit (S1008 to S1011) forperiodically changing the password associated with the storage accountname in the online file storage 300, the present invention is notlimited to the foregoing configuration. As a result of changing thepassword as described above, leakage of the password can be prevented.

Although the foregoing first embodiment explained a case where the PC100 comprises a shared processor (S701 to S707) for performing filesharing processing for sharing a file designated with the personalaccount name and the personal path name to the online file storage 300in which the file was created, a read unit (S708) for reading the fileusing the storage account name and the storage path name of the filefrom the online file storage 300 based on processing of the sharedprocessor, and a storage unit (S711) for creating a new account and anew path respectively associated with the storage account name and thestorage path name, and storing the read file and the new account and thenew path in an online file storage 400 that is different from the onlinefile storage 300, the present invention is not limited to the foregoingconfiguration. As a result of sharing the files as described above, forinstance, the personal file management system P1 and the personal filemanagement system P2 will be able to share files while maintaininganonymity.

Although the foregoing first embodiment explained a case where the PC100 comprises a file deletion unit (S206) for deleting the filedesignated with the new account and the new path from the differentonline file storage 400, the present invention is not limited to theforegoing configuration.

Although the foregoing first embodiment explained a case where, uponrequesting the sharing of a file, the storage unit (S711) addsexplanatory information of the file by associating the explanatoryinformation with the file designated with the new account and the newpath, and the present invention is not limited to the foregoingconfiguration. As a result of adding explanatory information asdescribed above, the user will be able to find the necessary file bysearching for the explanatory information.

Although the foregoing first embodiment explained a case where anportable terminal 200 that is able to access the different online filestorage 400 includes a search request unit (S802) for accepting input ofa keyword to be used in the search together with privacy informationcontaining an account for specifying a user searching a file, accessingthe different online file storage 400 by using an account correspondingto the account for identifying the user, and issuing a request forsearching explanatory information D1 in the different online filestorage 400 by using the keyword, and a search result reception unit(S803) for receiving, as a search result, explanatory informationsearched based on the request from the search request unit and a path ofthe file associated with the explanatory information, the presentinvention is not limited to the foregoing configuration. As a result ofpresenting the path of the file as described above, a third party willbe able to search for a sharable file group.

Although the foregoing second embodiment explained a case where theprivacy protection file sharing system 2 comprises online file storages630, 640, 650 and, upon creating the new file, the file creation unit(S306) includes processing of partitioning the new file to be createdinto prescribed subfiles (files L, M, N), determining the storage pathname per partitioned subfile, and partitioning and creating the file inthe plurality of online file storages 630, 640, 650 by using the storagepath name per the subfile, and the file management table 180 manages thecorrespondence relationship of a storage path name determined per thesubfile (file L, M, N) and the online file storage 300 in which thesubfile was created (subfile configuration information column 185), thepresent invention is not limited to the foregoing configuration. As aresult of partitioning a file into a plurality of subfiles as describedabove, it is possible to prevent the leakage of all information even ifone subfile is leaked.

Although the foregoing third embodiment explained a case where theprivacy protection file sharing system 3 comprises a proxy server 740disposed between PCs 710, 720, 730 and the online file storage 750 forconverting an address on the Internet, and the PCs 710, 720, 730 accessthe online file storage 750 via the proxy server 740, the presentinvention is not limited to the foregoing configuration. As a result ofconverting the IP address with the proxy server 740, the IP address ofthe PCs 710, 720, 730 can be anonymized.

The present invention can be broadly applied to privacy protection filesharing systems and privacy protection file sharing methods.

What is claimed is:
 1. A file sharing system including at least one ormore information processing units and at least two or more storageapparatuses connected to said at least one or more informationprocessing units via the Internet, and for storing files from said atleast one or more information processing units in said storage apparatusand sharing said stored files with said at least one or more informationprocessing units, said information processing unit comprising: amanagement table for at least managing privacy information containing afirst account and a first path that identify a user creating a file; aregistration unit for: creating a second account and a second path fromsaid first account and said first path upon creating a new file in saidstorage apparatus, said second account being different from said firstaccount and said second path being different from said first path; andassociating and registering said first account and said first path insaid management table; said management table further including storagemanagement information containing said second account and said secondpath; a file creation unit for creating said new file in said storageapparatus by using said second account and said second path registeredin said management table: a shared processor for performing file sharingprocessing for sharing a file designated with said first account andsaid first path to said storage apparatus in which said file wascreated; a read unit for reading said file using said second account andsaid second path of said file from said storage apparatus based onprocessing of said shared processor; and a storage unit for creating athird account and a third path respectively associated with said secondaccount and said second path, and storing said read file, said thirdaccount, and said third path in a storage apparatus that is differentfrom said storage apparatus; wherein, upon requesting the sharing of afile, said storage unit adds explanatory information of said file byassociating said explanatory information with the file designated withsaid third account and said third path.
 2. The file sharing systemaccording to claim 1, wherein said privacy information further includesat least any one of the following pieces of information among the groupto which said first account belongs, type of file, access authority ofthe file, and time that said information processing unit accessed saidstorage apparatus; and wherein said management table manages at leastany one of the following pieces of information among the group to whichsaid first account belongs, type of file, access authority of the file,and time that said information processing unit accessed said storageapparatus further included in said privacy information by associatingsaid information with said first account and said first path.
 3. Thefile sharing system according to claim 2, wherein said informationprocessing unit includes: an access authority determination unit forreferring to said management table and determining, upon receiving aread request of a file designated by using said first account and saidfirst path, whether there is access authority of said read requestedfile; and a read processor for referring to said management table,issuing a read request to said storage apparatus by using a secondaccount and a second path associated with said read requested file, andreading said read requested file when said access authoritydetermination unit determines that there is access authority.
 4. Thefile sharing system according to claim 2, wherein said informationprocessing unit includes: an access authority determination unit forreferring to said management table and determining, upon receiving awrite request of a file designated by using said first account and saidfirst path, whether there is access authority of said write requestedfile; and an update processor for referring to said management table,issuing a write request to said storage apparatus by using a secondaccount and a second path associated with said write requested file, andupdating the write result of said write request when said accessauthority determination unit determines that there is access authority.5. The file sharing system according to claim 1, wherein saidinformation processing unit further comprises an encryption unit forencrypting said new file; wherein said file creation unit creates thenew file encrypted with said encryption unit in said storage apparatus;and wherein said management table associates said first account and saidfirst path, and manages an encryption key for decrypting said encryptednew file.
 6. The file sharing system according to claim 5, wherein afile creation unit of a first information processing unit among said atleast one or more information processing units, upon creating a firstnew file, creates said first new file encrypted with said encryptionunit by using a first encryption key in said storage apparatus by usingsaid second account; and wherein a file creation unit of a secondinformation processing unit among said at least one or more informationprocessing units, upon creating a second new file, creates said secondnew file encrypted with said encryption unit by using a secondencryption key in said storage apparatus by using said second account.7. The file sharing system according to claim 1, wherein saidregistration unit, upon creating said second account from said firstaccount, allocates said second account which is different per file to afile group created by using said first account; and wherein said filecreation unit creates the respective files in said storage apparatus byusing said second account which is different per file.
 8. The filesharing system according to claim 7, wherein said registration unit,upon creating said new file, selects a second account with the fewestfiles from said second account which is different per file; and whereinsaid file creation unit creates the file in said storage apparatus byusing said selected second account.
 9. The file sharing system accordingto claim 1, wherein said management table further manages timeinformation per registered file; and wherein said information processingunit further includes: an access unit that does not update timeinformation in said management table of files decided randomly from saidmanagement table and accesses said randomly decided files in saidstorage apparatus at a randomly decided time.
 10. The file sharingsystem according to claim 1, wherein said information processing unitincludes: a dummy file creation unit for creating a new file containingrandom contents in said storage apparatus.
 11. The file sharing systemaccording to claim 1, wherein said storage apparatus includes: anaccount management table for managing a password associated with saidsecond account; and wherein said information processing unit includes: apassword change unit for periodically changing the password associatedwith said second account in said storage apparatus.
 12. The file sharingsystem according to claim 1, wherein said information processing unitincludes: a file deletion unit for deleting the file designated withsaid third account and said third path from said different storageapparatus.
 13. The file sharing system according to claim 1, wherein aninformation processing unit that is able to access said differentstorage apparatus includes: a search request unit for accepting input ofsearch information to be used in the search together with privacyinformation containing a fourth account for specifying a user searchinga file, accessing said different storage apparatus by using a fifthaccount corresponding to said fourth account, and issuing a request forsearching explanatory information in said different storage apparatus byusing said search information; and a search result reception unit forreceiving, as a search result, explanatory information searched based onthe request from said search request unit and a path of the fileassociated with said explanatory information.
 14. The file sharingsystem according to claim 1 comprising a plurality of said storageapparatuses, wherein, upon creating said new file, said file creationunit includes processing of partitioning said new file to be createdinto prescribed subfiles, determining said second path per partitionedsubfile, and partitioning and creating said file in said plurality ofstorage apparatuses by using said second path per said subfile; andwherein said management table manages the correspondence relationship ofa second path determined per said subfile and the storage apparatus inwhich said subfile was created.
 15. The file sharing system according toclaim 1, further comprising: a server disposed between said at least oneor more information processing units and said storage apparatus forconverting an address on said Internet; wherein said informationprocessing unit accesses said storage apparatus via said server.